sandwich/Ansible-Bootstrap
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix(configuration): make root password, user keys, and sudo all optional

Browse Source
This commit is contained in:
MORAWSKI Norbert
2026-03-20 02:03:48 +01:00
parent 8ef57ebbda
commit 398f1b081d
1 changed files with 9 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
roles/configuration/tasks/users.yml
View File

@@ -1,5 +1,6 @@
---
- name: Set root password
when: (system_cfg.root.password | default('') | string | length) > 0
ansible.builtin.shell: >-
set -o pipefail &&
echo 'root:{{ system_cfg.root.password | password_hash("sha512") }}' | {{ chroot_command }} /usr/sbin/chpasswd -e
@@ -9,6 +10,13 @@
changed_when: configuration_root_result.rc == 0
no_log: true
- name: Lock root account when no password is set
when: (system_cfg.root.password | default('') | string | length) == 0
ansible.builtin.command: >-
{{ chroot_command }} /usr/bin/passwd -l root
register: configuration_root_lock_result
changed_when: configuration_root_lock_result.rc == 0
- name: Set root shell
ansible.builtin.command: >-
{{ chroot_command }} /usr/sbin/usermod --shell {{ system_cfg.root.shell }} root
@@ -34,7 +42,7 @@
no_log: true
- name: Ensure .ssh directory exists
when: item['keys'] | default([]) | length > 0
when: "'keys' in item and item['keys'] is iterable and item['keys'] is not string and item['keys'] | length > 0"
ansible.builtin.file:
path: "/mnt/home/{{ item.name }}/.ssh"
state: directory